package com.example.mes_sys.controller;

import com.example.mes_sys.dto.LoginRequestDto;
import com.example.mes_sys.service.LoginService;
import com.example.mes_sys.vo.UserDetailsVo;
import jakarta.validation.Valid;
import lombok.RequiredArgsConstructor;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequiredArgsConstructor
public class LoginController {
    private final LoginService loginService;
    @GetMapping("/")
    public String home() {
        return "home";
    }

    @PostMapping("/login")
    public UserDetailsVo login(@RequestBody @Valid LoginRequestDto loginRequest) {
        return loginService.login(loginRequest);
    }

    @GetMapping("/dashboard")
    public String dashboard() {
        return "dashboard";
    }

    @GetMapping("/admin")
    @PreAuthorize("hasAnyAuthority('1')") // 方法级权限控制
    public String adminPanel() {
        return "admin";
    }

    @GetMapping("/access-denied")
    public String accessDenied() {
        return "access-denied";
    }
}
